SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Businesses caught underprepared for Active Directory outages, Cayosoft reveals
Mon, 19th Feb 2024

A new report by Cayosoft, a specialist in Microsoft Active Directory management, has highlighted a notable deficit in preparedness for Active Directory (AD) outages amongst businesses of all sizes. The report, based on a survey of over 1,000 IT professionals conducted in partnership with Research Lab, underlines that most organisations are poorly equipped to handle major AD outages, increasing the risk of significant financial and operational damage.

Active Directory is critical for many core system services, with the majority of businesses experiencing severe disruptions if the service goes down, as it influences customer transactions, supplier communications, and vital operations like email access and device logins. AD also feeds into key systems such as accounting and marketing.

An alarming growth in Active Directory outages has been seen, with a reported 172% increase in forest-wide Active Directory outages since 2021. Factors contributing to this increase include a rise in cyber attacks, the complex nature of hybrid environments, and human error. Despite such a considerable surge in these outages, there is a concerning lack of quick response and recovery. Only 6% of enterprises and 16% of overall businesses can restore their Active Directory in under an hour. Even more worryingly, almost half of the respondents reported that recovery can take several days, weeks, or even months, the company states.

An alarming lack of regular testing and outdated recovery solutions are seen as the primary causes for such prolonged recovery times. While daily testing of AD could significantly reduce these outages, 73% of respondents revealed they test less than once a month. Furthermore, 90% of enterprises, as well as 70% of medium-sized and 65% of small businesses, must rebuild or have clean servers ready. These lengthy processes, required by most standard AD backup and recovery solutions, are at the core of the delays.

Businesses seem to overrun the financial impact of AD outages. Seventy percent of respondents said they risk losing at least $100k per day in labour costs alone. In reality, the cost of downtime ranges hugely, depending on the size of the company. A giant enterprise with over 15,000 employees risks losing $4.5 million per day, a mid-sized company risks up to $1.5 million a day, and an SMB could lose up to $300k daily. These figures don't include other financial impacts of an AD outage, such as lost revenue.

"It's critical to reduce the downtime of an Active Directory forest outage. Many organisations falsely trust their AD recovery strategies will work in these pivotal moments, and few meet testing burdens, and even fewer fully comprehend the time and cost for a recovery," said Robert Bobel, CEO of Cayosoft. "Active Directory remains the cornerstone of almost every organisation, and with outages on the rise, a fast, complete recovery is the top priority."

Cayosoft's survey reveals the stark inadequacy of the businesses' understanding of the severity of AD outages and the importance of effective recovery strategies. George Coll, CEO of BWW Media Group, commented on the level of response to this survey, saying, "This extraordinary level of interest makes it clear that Active Directory outages are a critical concern across organisations of every size."